.NET在服务器上创建计划的任务失败,并显示E_ACCESSDENIED [英] .NET create scheduled task on server fails with E_ACCESSDENIED
问题描述
我有一个ASP.NET网站(C#),该网站吸收用户数据,然后尝试创建Windows计划任务.当然,这在DEV计算机上效果很好,但是无法在服务器上运行.我正在尝试找出ASPNET用户(或匿名Web用户)需要什么权限才能创建任务.
I have an ASP.NET website (in C#) that takes in user data and then attempts to create a windows scheduled task. Of course, this works great on the DEV machine, but fails to run on the server. I'm trying to figure out what permission(s) are required on the ASPNET user (or anonymous web user) to create tasks.
错误是:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Stacktrace:
at MyScheduler.NewWorkItem(String TaskName, Guid& rclsid, Guid& riid, Object& obj)
at MyScheduler.CreateTask(String name)
我已经进行了一些搜索,建议的解决方法是使用web.config'impersonate'标志强制应用程序以具有足够权限的用户身份运行,而不是可能没有这些权限的ASPNET帐户
I've done some searching, and the suggested resolution is to use the web.config 'impersonate' flag to force the application to run as a user with sufficient permissions, as opposed to the ASPNET account which may not have those permissions.
示例:
<system.web>
<identity impersonate="true" />
</system.web>
不幸的是,这似乎无法解决问题.根据我阅读的文档,该用户应该以匿名Web用户身份运行,但似乎该用户没有足够的权限.
Unfortunately, this does not seem to resolve the issue. From the documentation I read, this should run as the anonymous web user, but it seems that user does not have enough permissions.
我更改了设置,以指定恰好是计算机管理员的特定域用户.示例:
I altered the setting to specify a specific domain user that happens to be an administrator on the machine. Example:
<system.web>
<identity impersonate="true" userName="WindowsDomain\YourUserName" password="YourPassword" />
</system.web>
这样做可以使应用程序成功创建Windows Scheduled Task.因此,显然,使用一组正确的Windows 2003权限,我可以使该应用程序像在开发环境中一样执行.但是,我不会将网络或计算机管理员帐户的用户凭据以纯文本格式放置在Web.config文件中.
Doing this allowed the application to successfully create the Windows Scheduled Task. So, obviously, with the correct set of Windows 2003 permissions I can get the app to perform as it does in the development environment. However, I'm not about to place the network or machine administrator account's user credentials in plain text on a Web.config file.
有人碰巧知道为了使ASPNET帐户表现出所需行为而确切需要设置什么权限?
Does anybody happen to know what permissions exactly need to be set in order to get the ASPNET account to behave as desired?
编辑:正在使用Win32 API创建计划任务.
The Win32 API is being used to create scheduled tasks.
推荐答案
我能够解决我的特定问题,尽管不能完全解决.我仍然没有确定创建和运行计划任务所需的确切权限,但是以下各项似乎可以正常工作:
I have been able to solve my particular problem, though not completely. I have still not identified the exact rights needed to create and run scheduled tasks, but the following seems to work:
- 将
<identity impersonate="true" />添加到Web.config - 将IUSR用户(应用程序将使用模拟用户运行该用户)添加到备份操作员"组.
- Add the
<identity impersonate="true" />to the Web.config - Add the IUSR user (which is the user the app will run as using impersonate) to the "Backup Operators" group.
这使应用程序可以访问计划任务"文件夹,以便他们可以创建和运行任务.
This gives the application access to the Scheduled Tasks folder so that they can create and run the task.
我们还有一个问题,就是这些任务试图以本地系统帐户的身份运行.不幸的是,只有管理员才能将本地系统帐户分配为运行用户,因此,为了使我们的代码正常运行,我们需要模拟为管理员帐户,而不是备份操作员.
We had an additional issue, which was that the tasks were attempting to run as the Local System Account. Unfortunately, only administrators seem to be able to assign the Local System Account as the running user, so we needed to impersonate as an Administrator account, not as a Backup Operator in order to get our code functioning correctly.
这篇关于.NET在服务器上创建计划的任务失败,并显示E_ACCESSDENIED的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
